Can't reach a FreeBSD 5.3 machine through a ppp connection
Mauricio Brunstein
brunstein at arnet.com.ar
Wed Nov 24 09:59:22 PST 2004
Hi!
I'm installing a machine that will be a firewall and a samba server for a
4-person office. The machine has 2 NICs and is connecting to the Internet
using PPPoE. It is using pf and ALTQ. Initially there were problems
establishing the PPPoE connection in the office, using the same ppp.conf that
previously worked in my lab (only changing the username/passwd). Here is my
ppp.conf file:
server:~ $ sudo cat /etc/ppp/ppp.conf
default:
set log Phase Chat LCP IPCP CCP tun command
set device PPPoE:fxp0
set mtu 1492
set mru 1492
enable mssfixup
set speed sync
disable acfcomp protocomp
deny acfcomp
set authname xxxxxxxxx
set authkey xxxxxxxxx
add default HISADDR
enable lqr
set lqrperiod 25
enable dns
I got some messages in ppp.log like this one,
Nov 23 15:00:35 server ppp[533]: tun0: LCP: deflink: -- Protocol 0x8057 (Internet Protocol V6 Control Protocol) was rejected!
Nov 23 15:00:41 server ppp[533]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
After that I added "disable ipv6cp", and commented out "enable lqr" and
"set lqrperiod 25", and the connection didn't drop anymore. It seems that
this provider doesn't support lqr.
It appeared that everything was working fine, but when I tried to use ssh to
log in to this box from outside, it was not possible. Some time after issuing
the ssh command, I get the following error:
ssh: connect to host dsuaya.ath.cx port 22: Operation timed out.
After some tests, I discovered that changing router_enable to "YES" in
/etc/rc.conf solved the problem.
But the section "21.2.1.5 Final System Configuration" of the FreeBSD
handbook states:
"Make sure the router program set to NO with following line in your
/etc/rc.conf:
router_enable="NO"
It is important that the routed daemon is not started (it is by default), as
routed tends to delete the default routing table entries created by ppp."
So, is there another way to resolve this? Note that I'm always able to
establish connections from this box to a host on the Internet, but I can't
establish a connection from those hosts to this one if router_enable="NO".
Thanks in advance,
Mauricio.
Some data of interest:
server:~ $ uname -a
FreeBSD server.estudio 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #1: Tue Nov 23 02:13:24 ART 2004 root at server.estudio:/usr/obj/usr/src/sys/GENERICWALTQ i386
server:~ $
server:~ $ cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sun Nov 21 13:07:41 2004
# Created: Sun Nov 21 13:07:41 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
hostname="server.estudio"
ifconfig_rl0="inet 192.168.2.1 netmask 255.255.255.0"
netd_enable="YES"
saver="dragon"
scrnmap="NO"
sshd_enable="YES"
sshd_flags="-4 -p 22"
usbd_enable="YES"
network_interfaces="lo0 tun0 rl0"
fconfig_tun0=
router_enable="YES" # remember to disable this!!!!!
#router_enable="NO" # Set to YES to enable a routing daemon.
router="/sbin/routed" # Name of routing daemon to use if enabled.
router_flags="-q" # Flags for routing daemon.
gateway_enable="YES" # Set to YES if this host will be a gateway
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
#pflog_enable="YES" # start pflogd(8)
#pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
#pflog_flags="" # additional flags for pflogd startup
inetd_enable="YES" # Run the network daemon dispatcher (YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
inetd_flags="-wW -C 60" # Optional flags to inetd
server:~ $
server:~ $ cat /etc/start_if.tun0
ppp -ddial default; /usr/local/etc/ez-ipupdate.conf